) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): PEGA Platform
- Search Type: Search All
- CPE Name Search: false
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2025-2161 |
Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup Published: April 14, 2025; 11:15:24 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-2160 |
Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup Published: April 14, 2025; 11:15:24 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-12211 |
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. Published: January 13, 2025; 12:15:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-10716 |
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. Published: December 05, 2024; 11:15:23 AM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2024-10094 |
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code Published: November 20, 2024; 10:15:08 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2024-6702 |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. Published: September 12, 2024; 11:18:27 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2024-6701 |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. Published: September 12, 2024; 11:18:26 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2024-6700 |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. Published: September 12, 2024; 11:18:26 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2023-50168 |
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. Published: March 14, 2024; 12:15:49 PM -0400 |
V4.0:(not available) V3.1: 7.7 HIGH V2.0:(not available) |
| CVE-2023-50167 |
Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content. Published: March 06, 2024; 1:15:46 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-50166 |
Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. Published: January 31, 2024; 1:15:46 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-50165 |
Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents. Published: January 31, 2024; 1:15:46 PM -0500 |
V4.0:(not available) V3.1: 8.6 HIGH V2.0:(not available) |
| CVE-2023-32089 |
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description Published: October 18, 2023; 8:15:09 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-32088 |
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation Published: October 18, 2023; 8:15:09 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-32087 |
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation Published: October 18, 2023; 8:15:09 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-4843 |
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user. Published: September 08, 2023; 1:15:30 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2023-32090 |
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials Published: August 07, 2023; 8:15:10 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-28094 |
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. Published: June 22, 2023; 5:15:09 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-26465 |
Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. Published: June 09, 2023; 5:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-35656 |
Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. Published: August 22, 2022; 11:15:16 AM -0400 |
V4.0:(not available) V3.1: 4.5 MEDIUM V2.0:(not available) |